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DETAILED ACTION 

Claims 1,3,5, 7, 8, 1 0, 1 3-1 5, and 1 7 are pending. 

A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 
1.17(e), was filed in this application after final rejection. Since this application is eligible for continued 
examination under 37 CFR 1 .114, and the fee set forth in 37 CFR 1 .17(e) has been timely paid, the 
finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's 
submission filed on 10/08/2008 has been entered. 



EXAMINER'S AMENDMENT 

An examiner's amendment to the record appears below. Should the changes and/or additions 
be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure 
consideration of such an amendment, it MUST be submitted no later than the payment of the issue 
fee. 

Authorization for this examiner's amendment was given in a telephone interview with Keith 
Jarosikon 12/15/2008. 

The application has been amended as follows: 



Application/Control Number: 10/685,882 Page 3 

Art Unit: 2435 

1 5. (currently amended) An apparatus to provide network traffic support and physical security 
support comprising: 

a data structur e machine readable medium configured to store firmware of a processor 
system; 

a plurality of virtual machines initialized from the firmware during a pre-boot phase to operate 
like a complete physical machine that can run its own operating system; 

a virtual machine monitor initialized from the firmware during a pre-boot phase to identify at 
least one of a network traffic intrusion event and a physical security intrusion event, 

wherein the identifying the network traffic intrusion event includes: 
detecting an incoming network packet; 

determining whether the incoming network packet is attempting to access a restricted 

port; 

discarding the network packet if the network packet is attempting to access a restricted 

port; 

performing packet level virus scanning on the network packet to determine if the 
network packet is associated with a virus; 

discarding the network packet if the network packet if the network packet is associated 
with a virus; 

determining whether the incoming network packet is a denial of service attack; 
discarding the incoming network packet if the incoming network packet is a denial of 
service attack; 

determining whether the incoming network packet is an alert standard format packet; 
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and invoking a system manageability agent and performing a task if the incoming 
network packet is an alert standard format packet; and 
wherein identifying the physical security intrusion event includes: 

detecting a physical intrusion; 

determining whether a user has authorization to initiate the physical intrusion; 
determining which components of the processor system are vulnerable to the physical 
intrusion; and 

disabling the components of the processor system that are vulnerable to the physical 
intrusion if the user does not have authorization to initiate the physical intrusion. 
21 . (amended) An apparatus as defined in Claim 1 5, wherein the doto structure machine readable 
medium comprises a flash memory. 



Allowable Subject Matter 

Claims 1 , 3, 5, 7, 8, 1 0, 1 3-1 5, and 1 7 are allowed. 

The following is an examiner's statement of reasons for allowance: The prior art teaches wherein the 
identifying the network traffic intrusion event includes: detecting an incoming network packet; 
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determining whether the incoming network packet is attempting to access a restricted port; discarding 
the network packet if the network packet is attempting to access a restricted port; performing packet 
level virus scanning on the network packet to determine if the network packet is associated with a 
virus; discarding the network packet if the network packet if the network packet is associated with a 
virus; wherein identifying the physical security intrusion event includes: detecting a physical intrusion; 
determining whether a user has authorization to initiate the physical intrusion; determining which 
components of the processor system are vulnerable to the physical intrusion; and disabling the 
components of the processor system that are vulnerable to the physical intrusion if the user does not 
have authorization to initiate the physical intrusion, but fails to teach a plurality of virtual machines 
initialized from the firmware during a pre-boot phase to operate like a complete physical machine that 
can run its own operating system; a virtual machine monitor initialized from the firmware during a pre- 
boot phase to identify at least one of a network traffic intrusion event and a physical security intrusion 
event, discarding the incoming network packet if the incoming network packet is a denial of service 
attack; determining whether the incoming network packet is an alert standard format packet; and 
invoking a system manageability agent and performing a task if the incoming network packet is an 
alert standard format packet. 

Any comments considered necessary by applicant must be submitted no later than the 
payment of the issue fee and, to avoid processing delays, should preferably accompany the issue 
fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for 
Allowance." 
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Conclusion 

Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to RANDAL D. MORAN whose telephone number is (571)270-1255. The 
examiner can normally be reached on M-F: 7:00 - 4:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Kim Vu can be reached on 571-272-3859. The fax phone number for the organization where this 
application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be obtained 
from either Private PAIR or Public PAIR. Status information for unpublished applications is available 
through Private PAIR only. For more information about the PAIR system, see http://pair- 
direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the 
Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information system, call 800- 
786-9199 (IN USA OR CANADA) or 571-272-1000. 



/R. D. M./ 

Examiner, Art Unit 2435 

12/10/2008 
/Kimyen Vu/ 

Supervisory Patent Examiner, Art Unit 2435 



